Empirical Privilege Profiler—User Privilege Analysis

The Principle of Least Privilege says that programs should operate with sufficient privilege to get the job done, but no more, in order to minimize the harm that can be done in case of error. The Empirical Privilege Profiler system (EPP) collects data about privileges actually exercised by running programs and use that data to create a composite abstract privilege profile for the program. Privilege profiles created by the EPP can be used to guide system administrators in granting program privileges, as well as in intrusion detection, detection of insider misuse, and program development. To create an EPP system, ATC-NY has developed novel technologies for extracting the privileges exercised by programs and for building composite resource usage profiles that are independent of individual computers, users, and sites. In Phase II, ATC-NY integrated those technologies into the prototype of a distributed system that creates composite privilege profiles based on execution of a program at multiple cooperating sites.